IRC Zombie problem 2005-09-08 - By Tim Edwards
Back
Richard R. Danielson wrote:
>Hello all,
>Several days ago, I installed the clamav antivirus program on my server. I
>got the rpm's from Dag Wieers' repository. At the same time, I
>(inadvertently) installed several other rpm's from his repository - eel2,
>intltool, lftp, libxml2, libxml2-devel, libxml2-python, logwatch, mtools,
>mtr, nmap, perl-Digest-SHA1, Perl-Net-DNS, perl-XML-Parser, rsync,
>spamassassin, splint, syslinux and vmms.
>
>
I think you can rule out Dag as being the cause. His repos are used by
probably hundreds or thousands or millions of users every day (including
our systems here :)) so there'd be a major outcry if something nasty had
got into one of his packages. Try booting off a LiveCD (Knoppix or
something) and running a rootkit hunter (eg. chkrootkit). Also look on
your system for suspicious files and if you find any google them (from
another machine - don't connect yours to the net) - see if you can find
any details about what's infected your system. Keep in mind though that
you can't necessarily trust the commands on your system anymore (eg. ls,
ps etc.) as they may have been trojaned so do all this from a LiveCD.
--
Taroon-list mailing list
Taroon-list@(protected)
http://www.redhat.com/mailman/listinfo/taroon-list
Earn $52 per hosting referral at Lunarpages.
|
|
